Re: selinux + livecd-creator, May 20, 2008

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2008-05-20 at 16:10 -0400, Eric Paris wrote:
> On Tue, 2008-05-20 at 15:33 -0400, Stephen Smalley wrote:
> > On Tue, 2008-05-20 at 15:12 -0400, Eric Paris wrote:
> > > ***passwd:
> > > running a system with selinux enforcing/permissive (doesn't matter) and
> > > attempting to run livecd-creator with selinux --disabled results in
> > > passwd espoloding.  passwd called is_selinux_enabled() which says yes
> > > since /proc/mounts has an selinuxfs and the passwd calls
> > > selinux_enforcing() which explodes when it can't find
> > > a /selinux/enforce.  First discussion was to change /proc/mounts to hide
> > > the selinuxfs, sounds like a good plan until I realize /proc/mounts is
> > > actually link to /proc/self/mounts and that its getting way to complex
> > > tying to set up FS namespaces or whatever this is going to take.  Right
> > > now I'm thinking of creating a /selinux with enforce=0 in all cases
> > > inside the chroot, anyone see a problem with that?  (I could also work
> > > on fixing passwd, but i'm trying to be as 'backwards compatible' as
> > > possible....
> > 
> > Wait - you are confusing /proc/mounts and /proc/filesystems.
> 
> You are (once again) correct.  Should be a lot easier to lie to  :)

I feel vindicated, I knew I saw that /proc/mounts was part of it....

init_selinuxmnt() is going to go through /proc/mounts inside the chroot
and find an selinuxfs mounted back out on the host system.  I think this
in turn is going to cause is_selinux_enabled() to return that selinux is
in fact enabled.  No proof but what i know for sure is that

cat /proc/filesystems | grep -v selinux > /tmp.filesystems
mount -o bind /tmp.filesystems /chroot/proc/filesystems

still caused passwd to fail because it thought selinux was enabled....

-Eric

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux